All Questions
49,186 questions
2773 votes
28 answers
2.0m views
How can I prevent SQL injection in PHP?
If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:
$unsafe_variable = $_POST['user_input'];
...
995 votes
11 answers
958k views
How can I do 'insert if not exists' in MySQL?
I started by googling and found the article How to write INSERT if NOT EXISTS queries in standard SQL which talks about mutex tables.
I have a table with ~14 million records. If I want to add more ...
737 votes
39 answers
964k views
How do I get the query builder to output its raw SQL query as a string?
Given the following code:
DB::table('users')->get();
I want to get the raw SQL query string that the database query builder above will generate. In this example, it would be SELECT * FROM users.
...
733 votes
4 answers
283k views
SQL injection that gets around mysql_real_escape_string()
Is there an SQL injection possibility even when using mysql_real_escape_string() function?
Consider this sample situation. SQL is constructed in PHP like this:
$login = mysql_real_escape_string(...
376 votes
19 answers
576k views
Get table column names in MySQL?
Is there a way to grab the column names of a table in MySQL using PHP?
262 votes
15 answers
571k views
Cannot simply use PostgreSQL table name ("relation does not exist")
I'm trying to run the following PHP script to do a simple database query:
$db_host = "localhost";
$db_name = "showfinder";
$username = "user";
$password = "password";
$dbconn = pg_connect("host=$...
196 votes
9 answers
409k views
selecting unique values from a column
I have a MySQL table which contains the following type of information:
Date product
2011-12-12 azd
2011-12-12 yxm
2011-12-10 sdx
2011-12-10 ...
190 votes
3 answers
259k views
How to insert multiple rows from a single query using eloquent/fluent
I have the following query:
$query = UserSubject::where('user_id', Auth::id())->select('subject_id')->get();
and as expected I get the following result:
[{"user_id":8,"subject_id":9},{"...
172 votes
5 answers
109k views
Make column not nullable in a Laravel migration
I'm writing a migration to make certain columns in a table nullable right now. For the down function, I of course want to make those columns not nullable again. I looked through the schema builder ...
164 votes
10 answers
310k views
Increment value in MySQL update query
I have made this code for giving out +1 point, but it doesn't work properly.
mysql_query("
UPDATE member_profile
SET points= ' ".$points." ' + 1
WHERE user_id = '".$...
145 votes
17 answers
121k views
Getting raw SQL query string from PDO prepared statements
Is there a way to get the raw SQL string executed when calling PDOStatement::execute() on a prepared statement? For debugging purposes this would be extremely useful.
145 votes
18 answers
154k views
How to debug PDO database queries?
Before moving to PDO, I created SQL queries in PHP by concatenating strings. If I got a database syntax error, I could just echo the final SQL query string, try it myself on the database, and tweak it ...
130 votes
11 answers
66k views
Flat file databases [closed]
What are the best practices around creating flat file database structures in PHP?
A lot of more matured PHP flat file frameworks out there which I attempt to implement SQL-like query syntax which is ...
122 votes
10 answers
65k views
How to apply bindValue method in LIMIT clause?
Here is a snapshot of my code:
$fetchPictures = $PDO->prepare("SELECT *
FROM pictures
WHERE album = :albumId
ORDER BY id ASC
LIMIT :skip, :max");
$fetchPictures->bindValue('...
119 votes
15 answers
336k views
How to print SQL statement in codeigniter model
I have a sql statement in my model,
I then say
$query = $this->db->query($sql, array(fields, fields1));
if ($query) {
return true;
} else {
echo "failed";
return false;
}
My query ...